Abstract
This article presents a simple power-analysis (SPA) attack on implementations of the AES key expansion. The attack reveals the secret key of AES software implementations on smart cards by exploiting the fact that the power consumption of most smart-card processors leaks information during the AES key expansion. The presented attack efficiently utilizes this information leakage to substantially reduce the key space that needs to be considered in a brute-force search for the secret key. The details of the attack are described on the basis of smart cards that leak the Hamming weight of intermediate results occurring during the AES key expansion.
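The leakage model the abstract describes, as an added worked example that is not part of the paper: a Python simulation of an AES-128 key expansion on a card assumed to leak the Hamming weight of every byte it writes (assumed here to include the SubWord outputs of each expansion step), followed by an attacker-side count of how many key-byte pairs remain consistent with four such readings. The candidate-counting step is an illustration of why Hamming-weight leakage shrinks the brute-force key space, not the paper's own procedure, whose details this page does not give; the S-box is derived rather than typed, and the test key is the FIPS-197 Appendix A example key.

```python
"""Hamming-weight SPA against an AES-128 key expansion, simulated (added example)."""
from itertools import product
from math import comb, log2


def _build_sbox():
    """Derive the AES S-box (GF(2^8) inverse followed by the affine map)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q = (q ^ (q << 1)) & 0xFF                                 # q /= 3 ...
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09                                             # ... so q == p^-1
        x = q
        for k in (1, 2, 3, 4):                                    # affine transform
            x ^= ((q << k) | (q >> (8 - k))) & 0xFF
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _build_sbox()
HW = [bin(b).count("1") for b in range(256)]   # Hamming weight of each byte value


def xtime(b):
    """Multiply by x in GF(2^8); used for the Rcon sequence 01,02,04,...,36."""
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1


def key_expansion(key, trace=None):
    """FIPS-197 AES-128 key expansion (44 words). If `trace` is a dict, record the
    Hamming weight of every stored byte in it: this is the simulated SPA observation,
    modelling a card that leaks HW of each intermediate written to a register
    (assumption of this example, including the SubWord outputs)."""
    assert len(key) == 16
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # SubWord(RotWord(w[i-1]))
            if trace is not None:
                for j in range(4):
                    trace[("sub", i, j)] = HW[t[j]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    if trace is not None:
        for i in range(44):
            for j in range(4):
                trace[("w", i, j)] = HW[w[i][j]]
    return w


def candidate_pairs(trace, j):
    """Key-byte pairs consistent with the leakage of the first expansion step, byte j:
    w4[j] = k[j] ^ S[k[m]] ^ (Rcon if j == 0), with m = 12 + (j+1) % 4.
    Four HW readings (k[j], k[m], S[k[m]], w4[j]) constrain the pair (k[j], k[m])."""
    m_byte = (j + 1) % 4
    hw_kj, hw_km = trace[("w", 0, j)], trace[("w", 3, m_byte)]
    hw_sub, hw_w4 = trace[("sub", 4, j)], trace[("w", 4, j)]
    rcon = 0x01 if j == 0 else 0
    return [(a, b) for a, b in product(range(256), repeat=2)
            if HW[a] == hw_kj and HW[b] == hw_km
            and HW[SBOX[b]] == hw_sub and HW[a ^ SBOX[b] ^ rcon] == hw_w4]


def remaining_key_bits(trace):
    """log2 of the key space left for brute force: the four (k[j], k[m]) pairs from
    candidate_pairs, plus only the single-byte bound C(8, HW(k[i])) for k[4..11]."""
    bits = sum(log2(len(candidate_pairs(trace, j))) for j in range(4))
    bits += sum(log2(comb(8, trace[("w", i // 4, i % 4)])) for i in range(4, 12))
    return bits


if __name__ == "__main__":
    KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 Appendix A key
    trace = {}
    key_expansion(KEY, trace)   # the "measurement": 176 + 40 Hamming weights
    for j in range(4):
        print(f"pair j={j}: {len(candidate_pairs(trace, j))} of 65536 candidates survive")
    print(f"remaining key space about 2^{remaining_key_bits(trace):.1f} (vs 2^128)")
```

The counting only uses the first expansion step; the later round keys in the trace give further equations of the same form, which is what turns a per-byte reduction into the substantial overall reduction the abstract refers to.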
The work described originates from the European Commission funded project Crypto Module with USB Interface (USB_CRYPT), established under contract number IST-2000-25169 in the Information Society Technologies (IST) programme.
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Mangard, S. (2003). A Simple Power-Analysis (SPA) Attack on Implementations of the AES Key Expansion. In: Lee, P.J., Lim, C.H. (eds) Information Security and Cryptology — ICISC 2002. ICISC 2002. Lecture Notes in Computer Science, vol 2587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36552-4_24
DOI: https://doi.org/10.1007/3-540-36552-4_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00716-6
Online ISBN: 978-3-540-36552-5